http://forum.joomla.org/viewtopic.php?f … p;t=814122
Is this right? Does my site have problems because of the JoomSport extension? How do I solve this problem?
The JoomSport component was listed on the vulnerable extensions list for the following reason:
The JoomSport media folder (and all nested folders) had permission 777, which allows anybody to list files, create new files in the directory and delete files in the directory, so an intruder can use this ability to hack the website by putting a script file into the media folder, but only if he knows for sure the path to this media folder.
We have now fixed this problem in versions JoomSport 2.9.0 and JoomSport 3.2.0 by changing the folder permission to 755. In this case, only the directory owner has full access. All others may list the directory, but cannot create files or delete them. This setting is common for directories that you wish to share with other users. So currently the media folder is protected from external input.
If you don't have the ability to update the JoomSport component, you can manually change permissions to 755 for the media/bearleague folder and all nested folders via FTP.
Kind Regards, Irene
BearDev support team
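
The manual fix described in the reply above, as an added shell example for sites with shell access (it is not part of the original post and not BearDev's code): it lists directories still writable by everyone, resets directories to 755, and lists PHP files in the folder for review. The function names and the file-name patterns are assumptions; pass the path to your own media/bearleague folder.

```shell
#!/bin/sh
# Added example: audit and repair directory permissions under the
# JoomSport media folder. Function names are hypothetical.

# Print every directory under $1 that "other" users can write to (e.g. 777).
list_world_writable_dirs() {
    find "$1" -type d -perm -0002 -print
}

# Number of world-writable directories under $1.
count_world_writable_dirs() {
    list_world_writable_dirs "$1" | wc -l | tr -d ' '
}

# Set $1 and all nested directories to 755. Regular files are not touched.
fix_dir_perms() {
    find "$1" -type d -exec chmod 755 {} +
}

# Print PHP files under $1. A media folder normally holds images, so
# anything listed here deserves a manual look (patterns are an assumption).
list_script_files() {
    find "$1" -type f \( -name '*.php*' -o -name '*.phtml' \) -print
}

# Report, fix, then report again.
audit_and_fix() {
    echo "World-writable directories before: $(count_world_writable_dirs "$1")"
    list_world_writable_dirs "$1"
    fix_dir_perms "$1"
    echo "World-writable directories after:  $(count_world_writable_dirs "$1")"
    echo "PHP files to review:"
    list_script_files "$1"
}

# Usage: sh fix_perms.sh /path/to/joomla/media/bearleague
if [ -n "${1:-}" ]; then
    audit_and_fix "$1"
fi
```
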